Download
| Alert*
DSA-2791-1 tryton-client -- missing input sanitization
Cedric Krier discovered that the Tryton client does not sanitize the file extension supplied by the server when processing reports. As a result, a malicious server could send a report with a crafted file extension that causes the client to write any local file to which the user running the client has write access.
|